Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YfTZxfoK42S02B7bxNGCAPAPvH8.cer
File:                     YfTZxfoK42S02B7bxNGCAPAPvH8.cer (raw, json)
Hash identifier:          cBc+EYRLgtuULofg/hWjfpIVfNpmBytpmT49h1qaIFg=
Subject key identifier:   61:F4:D9:C5:FA:0A:E3:64:B4:D8:1E:DB:C4:D1:82:00:F0:0F:BC:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0198E55B1C31D59C806732602F04274ECF38
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b2/65182a-a62f-4042-8a9b-7ee5311a2a3c/1/YfTZxfoK42S02B7bxNGCAPAPvH8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b2/65182a-a62f-4042-8a9b-7ee5311a2a3c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 26 Aug 2025 07:50:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2001:678:10e8::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:5b:1c:31:d5:9c:80:67:32:60:2f:04:27:4e:cf:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 26 07:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61f4d9c5fa0ae364b4d81edbc4d18200f00fbc7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:32:8e:50:29:61:26:0e:e9:fa:c4:08:98:
                    a6:4e:e3:d1:b0:cb:84:37:27:e9:f2:b6:0f:34:8a:
                    f6:1e:87:d6:63:93:fd:ef:f2:01:36:bd:b4:8a:27:
                    22:e5:d9:f8:67:28:34:f7:65:ed:63:7f:62:17:dd:
                    3d:71:47:9a:d3:2b:68:a2:ed:8a:91:b0:fb:15:25:
                    f7:8c:24:ab:58:4a:4c:95:10:64:7d:9a:8b:4a:ae:
                    77:38:9f:66:bb:47:d8:d3:66:9b:3a:01:ca:5e:c0:
                    82:20:75:c6:dc:cd:40:36:ed:0e:5c:a0:b7:77:59:
                    54:86:2b:56:49:5c:1c:f2:b6:ce:40:48:6d:a5:06:
                    bc:f8:b5:f5:fb:7e:83:e9:3f:2b:e5:cb:f2:05:44:
                    ca:37:d6:a6:8b:8a:3c:fc:60:a2:7a:a5:48:9f:88:
                    91:72:60:45:39:79:50:fb:cb:c6:3d:8d:39:99:6e:
                    df:8b:01:ed:66:2c:05:40:73:f2:66:79:2a:a8:94:
                    3e:65:ff:9c:8e:34:0a:57:0a:6a:49:80:ae:ec:ea:
                    57:7c:9b:af:4d:54:8d:22:e1:29:0b:1a:4d:26:9a:
                    51:98:59:e1:a3:9d:c2:92:6d:d0:b5:9d:63:04:b8:
                    5e:17:f7:76:12:e1:da:1a:d1:c4:64:72:c3:fb:97:
                    ac:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F4:D9:C5:FA:0A:E3:64:B4:D8:1E:DB:C4:D1:82:00:F0:0F:BC:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/65182a-a62f-4042-8a9b-7ee5311a2a3c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/65182a-a62f-4042-8a9b-7ee5311a2a3c/1/YfTZxfoK42S02B7bxNGCAPAPvH8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:10e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:00:5a:c5:a0:6f:fd:62:66:a7:9f:70:a3:d6:8e:7b:ca:60:
         31:89:87:d2:a1:8b:76:76:de:6c:cf:0e:4a:8b:bc:4f:1e:07:
         ba:82:a7:65:05:0b:66:b3:d5:a0:ea:e9:78:4e:cc:63:6d:18:
         31:dc:17:68:0f:ef:ff:05:59:dc:a8:5f:fe:42:32:cc:52:bb:
         47:97:7d:3f:63:d9:0e:0d:a3:29:6b:75:9a:ca:f9:a5:d8:39:
         33:22:39:a3:49:9f:6c:b8:39:f7:22:85:5e:87:30:f8:9f:ee:
         3d:2a:a1:d8:ae:6f:15:6c:59:88:bb:03:72:6f:b2:3e:3a:32:
         d5:9e:f8:29:6b:4d:21:8b:d0:00:f8:fc:1e:84:a9:e1:70:8c:
         4b:82:0b:e9:2e:cd:c6:04:aa:3f:4a:b5:72:ec:4c:df:c7:29:
         0e:ff:27:32:68:d4:78:1b:0a:04:64:98:55:ae:d0:60:00:e7:
         02:5c:03:6a:68:62:7b:cd:57:c5:e8:89:00:e2:07:f9:2e:86:
         3d:c9:a5:08:c5:4c:90:85:f1:c5:03:7b:54:a4:81:ea:57:a6:
         9e:60:63:18:a5:43:b1:7b:11:ef:11:12:25:e9:3e:31:da:5c:
         f0:69:fe:21:b1:55:63:0e:37:60:b2:67:c8:9e:b2:5d:82:0c:
         7c:a3:bb:aa
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZjlWxwx1ZyAZzJgLwQnTs84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwODI2MDc1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWY0ZDljNWZhMGFlMzY0YjRkODFlZGJjNGQxODIwMGYwMGZiYzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaEyjlApYSYO6frECJimTuPRsMuE
Nyfp8rYPNIr2HofWY5P97/IBNr20iici5dn4Zyg092XtY39iF909cUea0ytoou2K
kbD7FSX3jCSrWEpMlRBkfZqLSq53OJ9mu0fY02abOgHKXsCCIHXG3M1ANu0OXKC3
d1lUhitWSVwc8rbOQEhtpQa8+LX1+36D6T8r5cvyBUTKN9ami4o8/GCieqVIn4iR
cmBFOXlQ+8vGPY05mW7fiwHtZiwFQHPyZnkqqJQ+Zf+cjjQKVwpqSYCu7OpXfJuv
TVSNIuEpCxpNJppRmFnho53Ckm3QtZ1jBLheF/d2EuHaGtHEZHLD+5essQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFGH02cX6CuNktNge28TRggDwD7x/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IyLzY1MTgy
YS1hNjJmLTQwNDItOGE5Yi03ZWU1MzExYTJhM2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjIvNjUxODJh
LWE2MmYtNDA0Mi04YTliLTdlZTUzMTFhMmEzYy8xL1lmVFp4Zm9LNDJTMDJCN2J4
TkdDQVBBUHZIOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBDoMA0GCSqGSIb3DQEBCwUAA4IBAQCr
AFrFoG/9Ymann3Cj1o57ymAxiYfSoYt2dt5szw5Ki7xPHge6gqdlBQtms9Wg6ul4
TsxjbRgx3BdoD+//BVncqF/+QjLMUrtHl30/Y9kODaMpa3Wayvml2DkzIjmjSZ9s
uDn3IoVehzD4n+49KqHYrm8VbFmIuwNyb7I+OjLVnvgpa00hi9AA+PwehKnhcIxL
ggvpLs3GBKo/SrVy7EzfxykO/ycyaNR4GwoEZJhVrtBgAOcCXANqaGJ7zVfF6IkA
4gf5LoY9yaUIxUyQhfHFA3tUpIHqV6aeYGMYpUOxexHvERIl6T4x2lzwaf4hsVVj
DjdgsmfInrJdggx8o7uq
-----END CERTIFICATE-----